using xacml for access control in
play

Using XACML for access control in Social Networks Anna Carreras, - PowerPoint PPT Presentation

Mar 25, 2024 •452 likes •712 views

Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado Distributed Multimedia Applications Group (DMAG) Universitat Politcnica de Catalunya (UPC) W3C Workshop on Access Control Application Scenarios

  1. Using XACML for access control in Social Networks Anna Carreras, Eva Rodríguez, Jaime Delgado Distributed Multimedia Applications Group (DMAG) Universitat Politècnica de Catalunya (UPC) W3C Workshop on Access Control Application Scenarios Luxembourg, 17 November 2009

  2. DMAG (Distributed Multimedia Applications Group) RESEARCH TOPICS Creation, management and distribution of multimedia content in a secure and interoperable way • Electronic commerce of multimedia services and products • Metadata interoperability and ontologies • Security, privacy and digital management of rights along the content life cycle • Multimedia search • Context handling and semantics • Event reporting • Privacy and rights in online social networks • Contribution to Standardization: MPEG, JPEG, …

  3. Contents  Context and motivation  Open issues on access control policy languages for Social Networks  Our approach  Interoperability with content-associated policies based on XACML  Rights Expression Languages, Policy languages and Social Networks  Negotiating access control rules using XACML  Semantic interoperability  Conclusions

  4. Context and motivation  Web 2.0 (Social Networks)  PRIVACY  Privacy needs to be protected!  Our work done so far on Social Networks  Issues to be solved

  5. Context and motivation  Our work done so far on Social Networks:  Current privacy policies  Identification of useful elements of DRM systems  Implementation of privacy policies (XACML, MPEG-21 REL, ODRL)  Interoperability of RELs based on XACML  Privacy model (context-aware applications)  Issues that need to be solved:  Policy languages limitations for Social Networks  Interoperability among different policy languages

  6. Open issues on access control policies languages for SNs  Access control policies languages limitations for SNs  New type of “resources” need to be protected (relationships, events)  High degree of expressiveness is demanded by users (preferences)  Policy expressions mainly depend on the access context  Lack of a standard format expressing SNs context  Lack of semantic interoperability  Different services, different access control policies languages, different contexts  Lack of control for “third parties” applications  SNs’ users also need to control them  Access control models could be based on symmetric level of trust and have negotiation capabilities

  7. Interoperability with content-associated policies based on XACML  Users don’t need to share all their data with the Service (i.e. Social Network) Provider

  8. Demo application  Facebook application to include protected content  Linked to external system (outside Facebook)  Licenses/policies specification for the content  External system authorization  VIDEO http://dmag.ac.upc.edu/downloads/ xmerjd_virtualgoods09.avi

  9. Rights Expression vs Policy languages  Digital Rights Management (DRM) systems enable the management of content through the complete digital value chain:  Content creation, adaptation, aggregation  Distribution, superdistribution, offers  Content consumption  Rights Expression Languages (RELs) were devised to express the terms and conditions of use of content  Policy languages exist to define which entities have access to which resources  SNs requirements?

  10. REL vs PL: Social Networks Requirements  Social Networks provide:  User (& relationships & actions) information  Sharing of user content  ...  SNs need languages for the definition of content & user info usage rules (and their enforcement)  Control the usage (distribution, consumption, adaptation, negotiation, etc.) of personal data and digital content generated by the users  Candidate languages:  Policy languages (from Access Control)  Rights Expression Languages (from Content Mngnt. & Prot.)

  11. Policy languages & Social Networks  SNs can use policy languages to define which entities have access to which resources  Do current policy languages (e.g. XACML) support negotiation, personal data management, and can express complex content & user info usage rules?  Example of content usage rule: “ Only my workmates can see the company Christmas Dinner photo album during this month ”  The accomplishment of this rule implies knowledge about users (“workmates”)

  12. Rights Expression Languages & SNs  RELs express the terms and conditions of use of content through the complete digital value chain  Do RELs support negotiation, personal data management, and can express complex content & user info usage rules?  Current RELs cannot express complex content usage rules needed in SNs  Previous example  Extensions must be defined with new rights, conditions, user characteristics, …

  13. XACML policy example <Policy> <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:SR1" Effect="Permit"> <Target> <Subjects> <Subject> … <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> Alice workmates group </AttributeValue> … </Subject> </Subjects> <Resources> <Resource> … <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/vc:ChristmasDinner</AttributeValue> … </Resource> </Resources> <Actions> <Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> view</AttributeValue> … </Action> </Actions> </Target> <!-- Only during January 2010 --> <Condition > …. </ Condition> </Rule> </Policy>

  14. Architecture for REL  XACML translation

  15. MPEG-21 Example license

  16. ODRL Example license

  17. XACML Example license

  18. MPEG-21 to XACML translation

  19. ODRL to XACML translation

  20. Negotiating access control using RELs License  RELs can be used to express Grant (  ) offers Principal (  ) Obtain ( O )  MPEG- 21 REL, ODRL, … GrantGroup (  ’) Grant 1  Users propose to others the usage Principal (  ’ 1 ) Right (  ’ 1 ) of their content according to the Resource (  ’ 1 ) rights and conditions that they Conditions (  ’ 1 ) negotiate Grant N Principal (  ’ N )  MPEG-21 REL example: Right (  ’ N ) Resource (  ’ N ) Conditions (  ’ N ) Conditions (  ) Issuer (  ) Time of Issuance ( T )

  21. Negotiating access control using XACML <Policy> <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:OF1" Effect="Permit"> <Target> <Resources> <Resource> <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:VW1" Effect="Permit"> <Target> <Resources> <Resource> … <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/vc:video</AttributeValue> … </Resource> </Resources> <Actions> <Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> view</AttributeValue> … </Action> </Actions> </Target> </Rule> </Resource> </Resources> <Actions> <Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> obtain</AttributeValue> … </Action> </Actions> </Target> </Rule> </Policy>

  22. Semantic Interoperability  Current existing ontologies  Social Networks  Friend Of A Friend (FOAF)  Contextual Information  Delivery Context Ontology  DRM  Media Value Chain Ontology  … Not enough to express all possible privacy requirements for SNs ! A lot of work needs to be done!

  23. Conclusions  Issues on access control policies for Social Networks have been analysed, including:  Access control policy languages limitations for SNs  Lack of semantic interoperability  Possible approaches:  Use of Rights Expression Languages concepts to improve Policy languages for Social Networks  Interoperability with content-associated policies based on XACML  Negotiating access control rules using XACML  Extending ontologies to achieve semantic interoperability  An extension to current Policy languages (XACML) to support SNs requirements may be needed

  24. Using XACML for access control in Social Networks Anna Carreras, Eva Rodríguez, Jaime Delgado Distributed Multimedia Applications Group (DMAG) Universitat Politècnica de Catalunya (UPC) W3C Workshop on Access Control Application Scenarios Luxembourg, 17 November 2009

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored

XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored

XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored by: Hal Lockhart Entegrity Solutions and OASIS XACML Draft Standard CS 6204, Spring 2005 1 2 Dataflow Model From: OASIS XACML Specification

929 views • 16 slides
XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS

XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS

XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS Workshop on Secure Web Services and e-Commerce XACML and RBAC/Introduction Jason Crampton Programme Examine the XACML standard and the XACML RBAC

499 views • 32 slides
XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of

XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of

Department of Computer Sciences XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of Computer Sciences XACML OASIS standard for specifying access control policies in enterprise systems. XML

341 views • 11 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
XACML, ABAC, Privacy preserving access-controls Oleksandr

XACML, ABAC, Privacy preserving access-controls Oleksandr

XACML, ABAC, Privacy preserving access-controls Oleksandr Bodriagov School of Computer Science and Communica9on KTH - The Royal Ins9tute of

509 views • 25 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling

XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling

XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling Overview by Yuri Demchenko On behalf of OSG/EGEE AuthZ Interoperability WG and Phosphorus project SNE Group, University of Amsterdam TF-EMC2 Meeting 3

633 views • 50 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files &amp; processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

547 views • 11 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L.

Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L.

PC nt - UP Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L. Larriba-Pey Data Expertise UPC, Technical University of Catalunya, Barcelona. Formed by 25 members, 3 professors (2 CS, 1 statistitian),

393 views • 6 slides
Steven R. Seidel 1951-2014 Professional Background Ph.D 1979 University of Iowa

Steven R. Seidel 1951-2014 Professional Background Ph.D 1979 University of Iowa

Steven R. Seidel 1951-2014 Professional Background Ph.D 1979 University of Iowa Professor of Computer Science, Michigan Tech PGAS Implementations, Algorithms and Optimizations. Early Hypercube algorithms, Exploration of

308 views • 8 slides
A C omparative S tudy of M odulo S cheduling T echniques Josep M. Codina, Josep Llosa and Antonio

A C omparative S tudy of M odulo S cheduling T echniques Josep M. Codina, Josep Llosa and Antonio

UNIVERSITAT POLITCNICA DE CATALUNYA UPC A C omparative S tudy of M odulo S cheduling T echniques Josep M. Codina, Josep Llosa and Antonio Gonzlez Dept. of Computer Architecture Universitat Politcnica de Catalunya Barcelona, SPAIN E-mail:

777 views • 38 slides
A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity

A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity

2016 IEEE 12th International Conference on eScience, Baltimore A Comprehensive Scenario Agnostic Data LifeCycle Model for an Efficient Data Complexity Management Amir Sinaeepourfard, Jordi Garcia , Xavier Masip-Bruin, Eva Marn-Tordera

335 views • 15 slides
Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C.

Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C.

Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C. Berkeley and Lawrence Berkeley National Lab http://titanium.cs.berkeley.edu http://upc.lbl.gov 1 Charm++ 2007 Kathy Yelick HPC Programming: Where

575 views • 42 slides
Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks

Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks

Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks Versions Evaluation Conclusion 5/27/16 Engin Kayraklioglu - CHIUW 2016 1 Introduction - PGAS Actual Abstraction 5/27/16 Engin

787 views • 32 slides
SMARTxAC &amp; Sentinel Maria Isabel Ganda, Communications Service Manager, CESCA Maurizio

SMARTxAC &amp; Sentinel Maria Isabel Ganda, Communications Service Manager, CESCA Maurizio

SMARTxAC &amp; Sentinel Maria Isabel Ganda, Communications Service Manager, CESCA Maurizio Molina, CEO, 8th TF-NOC meeting, GRnet, Athens, 27-5-2013 Agenda SMARTxAC Introduction The evolution of the network and the evolution of

615 views • 26 slides
Brexit means Brexit Olivia Murphy Chartered &amp; European Patent Attorney Haseltine Lake

Brexit means Brexit Olivia Murphy Chartered &amp; European Patent Attorney Haseltine Lake

Brexit means Brexit Olivia Murphy Chartered &amp; European Patent Attorney Haseltine Lake LLP Latest News Brexit Day: 29 March 2019 Draft agreement published reflecting state of negotiations between UK and EU on transitional

783 views • 21 slides

More recommend